Chapter 4 Study Guide

Latest revision as of 03:05, 10 February 2012

Filesystem Hierarchy Standard

  • Defines a standard set of directories, their subdirectories and file content used by Linux and UNIX
  • Allows a user proficient with Linux to navigate UNIX more easily
  • Gives software developers the ability to locate files on different distributions of Linux
  • Allows creation of software that is not distribution specific


Finding Files

locate command

The fastest method for finding files

The locate command searches a premade database that contains a list of all the files on the system. The database is indexed much like a text book. The database used is updated each day automatically or can be updated manually by running the updatedb command.

ex.
[root@server1 ~]# locate inittab
/etc/inittab
/usr/share/man/man5/inittab.5.gz
/usr/share/vim/vim72/syntax/inittab.vim

find command

Slower but more versatile method for locating files

Does not use a premade index; instead it searches the directory tree recursively, starting from a certain directory, for files that meet certain criteria.

The format of the find command is as follows:

find <start directory> -criteria <what to find>

The find command can use many different criteria to search for files:

-amin -x   -  searches for files that were accessed less than x minutes ago
-amin +x   -  searches for files that were accessed more than x minutes ago
-atime -x  -  searches for files that were accessed less than x days ago
-atime +x  -  searches for files that were accessed more than x days ago
-empty     -  searches for empty files or directories
-fstype x  -  searches for files if they are on a certain filesystem
-group x   -  searches for files that are owned by a certain group or GID
-inum x    -  searches for files that have an inode number of x
-mmin -x   -  searches for files that were modified less than x minutes ago
-mmin +x   -  searches for files that were modified more than x minutes ago
-mtime -x  -  searches for files that were modified less than x days ago
-mtime +x  -  searches for files that were modified more than x days ago
-name x    -  searches for a certain filename
-regex x   -  searches for certain filenames using regular expressions instead of wildcards
-size -x   -  searches for files with a size less than x
-size +x   -  searches for files with a size larger than x
-size x    -  searches for files with a size of x
-type x    -  searches for files of type x where x is:
                 b for block files
                 c for character files
                 d for directory files
                 p for named pipes
                 f for regular files
                 l for symbolic links
                 s for sockets
-user x    -  searches for files owned by a certain user or UID


Modify file and directory ownership

When a user creates a file or directory, that user's name and primary group become the owner and group owner of the file.

Ownership affects the permission structure.

It also determines the ability to modify file and directory permissions and ownership.

Only two users on a Linux system can modify permissions on a file or directory or change its ownership:

The owner of the file or directory and the root user.

Example: to view your current user name, you can type the whoami command. To view your group name, you can type the groups command.

[root@server1 ~]# whoami
root
[root@server1 ~]# groups
root bin daemon sys adm disk wheel
[root@server1 ~]# _

To quickly create an empty file, you can use the touch command.

[root@server1 ~]# touch file1
[root@server1 ~]# ls -l
total 4
drwx------ 3 root root 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 root root 0 Apr 29 15:40 file1
[root@server1 ~]#

To change the ownership of a file or directory, you can use the chown (change ownership) command, which takes two arguments at minimum: the new owner and the files or directories to change.

The files or directories to change can be given as absolute or relative pathnames, and you can change ownership recursively throughout the directory tree using the -R option to the chown command.

To change the ownership of file1 to the user “user1” and the ownership of the directory Desktop and all its contents to “user1” as well, you can use these commands.

[root@server1 ~]# chown user1 file1
[root@server1 ~]# chown -R user1 Desktop
[root@server1 ~]# ls -l
total 4
drwx------ 3 user1 root 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 user1 root 0 Apr 29 15:40 file1
[root@server1 ~]# ls -l Desktop
total 16
-rw------- 1 user1 root 163 Mar 29 09:58 Floppy
-rw-r--r-- 1 user1 root 163 Mar 29 09:58 Home
-rw-r--r-- 1 user1 root 163 Mar 29 09:58 Start Here
-rw-r--r-- 1 user1 root 163 Mar 29 09:58 Trash
[root@server1 ~]#

If a regular user changes ownership of a file or directory that he owns, that user cannot gain back ownership. Instead, the new owner of that file or directory must change it back to the original user. However, the previous examples involve the root user, who always has the ability to regain ownership.

[root@server1 ~]# chown root file1
[root@server1 ~]# chown -R root Desktop
[root@server1 ~]# ls -l
total 4
drwx------ 3 root root 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 root root 0 Apr 29 15:40 file1
[root@server1 ~]# ls -l Desktop
total 16
-rw------- 1 root root 163 Mar 29 09:58 Floppy
-rw-r--r-- 1 root root 163 Mar 29 09:58 Home
-rw-r--r-- 1 root root 163 Mar 29 09:58 Start Here
-rw-r--r-- 1 root root 163 Mar 29 09:58 Trash

Just as with the chown command, you can use the chgrp (change group) command to change the group owner of a file or directory. The same rules apply.

Example:

[root@server1 ~]# chgrp sys file1
[root@server1 ~]# chgrp -R sys Desktop
[root@server1 ~]# ls -l
total 4
drwx------ 3 root sys 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 root sys 0 Apr 29 15:40 file1
[root@server1 ~]# ls -l Desktop
total 16
-rw------- 1 root sys 163 Mar 29 09:58 Floppy
-rw-r--r-- 1 root sys 163 Mar 29 09:58 Home
-rw-r--r-- 1 root sys 163 Mar 29 09:58 Start Here
-rw-r--r-- 1 root sys 163 Mar 29 09:58 Trash

Note: Regular users can change the group of a file or directory only to a group to which they belong.

Normally, you change both the ownership and group ownership on a file that needs to be maintained by someone else. You can change both at the same time using the chown command.

To change the owner to user1 and the group owner to root for file1, you will use these commands.

[root@server1 ~]# chown user1.root file1
[root@server1 ~]# chown -R user1.root Desktop
[root@server1 ~]# ls -l
total 4
drwx------ 3 user1 root 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 user1 root 0 Apr 29 15:40 file1
[root@server1 ~]# ls -l Desktop
total 16
-rw------- 1 user1 root 163 Mar 29 09:58 Floppy
-rw-r--r-- 1 user1 root 3578 Mar 29 09:58 Home
-rw-r--r-- 1 user1 root 1791 Mar 29 09:58 Start Here
-rw-r--r-- 1 user1 root 4096 Mar 29 09:58 Trash

To protect your system's security, you should ensure that most files residing in a user's home directory are owned by that user. To change the ownership back to the root user for file1 and the Desktop directory to avoid future problems, you can type the following.

[root@server1 ~]# chown root.root file1
[root@server1 ~]# chown -R root.root Desktop
[root@server1 ~]# ls -l
total 4
drwx------ 3 root root 4096 Apr 8 07:12 Desktop
-rw-r--r-- 1 root root 0 Apr 29 15:40 file1
[root@server1 ~]# ls -l Desktop
total 16
-rw------- 1 root root 163 Mar 29 09:58 Floppy
-rw-r--r-- 1 root root 3578 Mar 29 09:58 Home
-rw-r--r-- 1 root root 1791 Mar 29 09:58 Start Here
drwx------ 2 root root 4096 Mar 29 09:58 Trash
[root@server1 ~]#

Interpreting File Permissions

All files contain information regarding permissions in the “mode”. The mode is broken into three sections based on the users who receive the permissions:

User (owner) permissions

Group (group owner) permissions

Other (everyone else) permissions

Each category of user can be assigned different permissions:

Read
  • File: allows user to open and read the file
  • Directory: allows user to list contents of the directory (if given execute permission)

Write
  • File: allows user to open, read, and edit the file
  • Directory: allows user to add or remove files to and from the directory (if given execute permission)

Execute
  • File: allows user to execute the file in memory
  • Directory: allows user to enter the directory and work with its contents

Changing File Permissions

There are two different methods for changing file permissions

Symbolic

Numeric

Both methods use the “chmod” command to change permissions.

The chmod command takes two arguments at minimum.

The first argument specifies the criteria used to change permissions. The remaining arguments indicate the filenames to change.

Symbolic Method

You must first determine the user category to apply permissions to:

u (user)
g (group)
o (other)
a (all categories)

Permissions can be added, subtracted, or set exactly:

+ adds permissions
- subtracts permissions
= defines exact permissions

There are three permission levels:

r (read)
w (write)
x (execute)

When specifying more than one user category, separate them with commas. Also ensure that there are no spaces between any criteria.

ex.

chmod u+r,g+r,o+r file1
chmod u-wr file1

Numeric Method

Uses binary powers of two to determine permissions

Each user category is assigned a permission value of 0-7

r (read) = 4
w (write) = 2
x (execute) = 1
None = 0

Add the values of the desired permissions to determine the number to input

ex.

chmod 540 file1

User has read and execute, group has read, other has none
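
The arithmetic above can be checked by converting the mode string printed by ls -l back into the number chmod expects. This is an added example, not part of the original study guide; the function name mode_to_octal is hypothetical, and it goes slightly beyond this section by also handling the s/S and t/T letters used for the special permissions covered later on the page.

```shell
#!/bin/sh
# Added example: convert an ls -l mode string to chmod's numeric form.
# mode_to_octal is a hypothetical helper name, not a standard command.

mode_to_octal() {
    rest=$1
    [ "${#rest}" -eq 10 ] && rest=${rest#?}    # drop the file-type character (d, -, l, ...)
    [ "${#rest}" -eq 9 ] || { echo "bad mode: $1" >&2; return 1; }
    special=0 digits=""
    for sbit in 4 2 1; do                      # SUID, SGID, sticky bit weights
        digit=0
        for weight in 4 2 1; do                # read, write, execute weights
            c=${rest%"${rest#?}"}              # first remaining character
            rest=${rest#?}
            case "$sbit$weight$c" in
                ?4r|?2w|?1x)  digit=$((digit + weight)) ;;
                41s|21s|11t)  digit=$((digit + 1)); special=$((special + sbit)) ;;
                41S|21S|11T)  special=$((special + sbit)) ;;   # special bit set, execute not set
                ??-)          ;;
                *)            echo "bad mode: $1" >&2; return 1 ;;
            esac
        done
        digits=$digits$digit
    done
    printf '%s%s\n' "$special" "$digits"
}

# Sample mode strings: the first matches chmod 540 above, the rest appear in
# the ls -l listings on this page.
for m in r-xr----- -rw-r--r-- drwx------ drwxrwx--T; do
    printf '%-12s %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The leading digit of the result is the special-permission digit; it is 0 when no SUID, SGID or sticky bit is set.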


Understand and Create linked files

What is a linked file? A link is a way of matching two or more file names to the same set of file data.

How many ways can a file be linked? 2 ways

What are they? A symbolic link (symlink) and a hard link.

How are files stored on a file system?

The structural level of a filesystem has three main sections: The superblock, The inode table and data blocks

Superblock: The section that contains information about the filesystem: filesystem type, size, status, and number of inodes.

Inode Table: The collection of inodes for all files and directories on a filesystem. Each file in the Linux system gets its own inode. An inode is the portion of a file that holds information on the file’s attributes, access permissions, where it is located, who owns it, and file type. Each inode contains a unique inode number for identification purposes.

How do you view the inode number? ls -li

Data Blocks: The data that makes up the content of the file as well as the filename. Blocks are also known as allocation units.

Hard Link Characteristics

  • In a hard link, two files share the same data
  • Hard Link files are direct copies of one another
  • Same Size
  • They share the same inode and inode number
  • The hard link will look and behave the same as the original.
  • A file can be hard linked an unlimited number of times if the files reside on the same filesystem.
  • Hard links cannot span across partitions
  • Points to a file by its inode

How do you create a Hard Link? To create a hard link you would use the ln (Link) command and specify the existing file to hard link and the target file that will be created.

Symbolic Link (symlink) Characteristics

  • One file is a pointer or shortcut to another file. The files may point to files located on other partitions or other network drives
  • Symbolic links do not share the same inode and inode number with their target file
  • Different size
  • Symbolic links point to another file by its name
  • Soft links do not need to reside on the same filesystem
  • Removing the target file for a symbolic link breaks the link and it will no longer work.

How do you create a symbolic link? To create a symbolic link you would use the ln (Link) command and use -s followed by the target file and the file you want to link.
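
The characteristics listed above can be observed directly by comparing inode numbers and then removing the original file name. This is an added example, not part of the original study guide; the file names file1, hardlink and symlink and the helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: hard link vs. symbolic link in a scratch directory.
# File names (file1, hardlink, symlink) are constructed for the demo.

inode_of()   { ls -di "$1" | awk '{print $1}'; }   # inode number, as shown by ls -li
link_count() { ls -ld "$1" | awk '{print $2}'; }   # number of names attached to the inode

make_links() {
    printf 'original data\n' > "$1/file1"
    ln    "$1/file1" "$1/hardlink"   # second name for the same inode
    ln -s file1      "$1/symlink"    # new inode that only stores the name "file1"
}

# Succeeds when the path is a symbolic link whose target no longer exists.
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }

demo=$(mktemp -d)
make_links "$demo"
echo "file1    inode $(inode_of "$demo/file1") links $(link_count "$demo/file1")"
echo "hardlink inode $(inode_of "$demo/hardlink")"
echo "symlink  inode $(inode_of "$demo/symlink")"

rm "$demo/file1"                     # remove the original name only
echo "hardlink still reads: $(cat "$demo/hardlink")"
is_dangling "$demo/symlink" && echo "symlink is now broken"
```

Because a symbolic link resolves by name, it follows whatever file currently has that name, while a hard link keeps the data reachable until the last name for the inode is removed.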

Identify the default permissions created on files and directories

New files are given rw-rw-rw- by the system when they are created.

New directories are given rwxrwxrwx by the system when they are created.

Special Permissions

SUID: Gives the user who executes the file temporary ownership of the file while it is executing.

SGID: Gives a regular user who executes the file or binary compiled program temporary membership of the group that is attached to it.

Sticky Bit: Prevents users who have permission to write to a directory from deleting files they did not create.




Example of setting Sticky Bit in special permissions

[root@server1 ~]# ls -l
total 12
drwx------ 2 root root 4096 May 2 21:41 dir2
[root@server1 ~]# chmod 1770 dir2
[root@server1 ~]# ls -l
total 12
drwxrwx--T 2 root root 4096 May 2 21:41 dir2
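
The find command described earlier on this page can be used to audit a directory tree for these special permissions. This is an added example, not part of the original study guide; it uses find's -perm test, which is not in the criteria list above, and the sandbox layout and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a tree for special permission bits with find.
# The sandbox layout and the function names are constructed for illustration.

make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/shared_sticky" "$sb/shared_open" "$sb/private"
    chmod 1777 "$sb/shared_sticky"   # world-writable, sticky bit set
    chmod 0777 "$sb/shared_open"     # world-writable, no sticky bit
    chmod 0700 "$sb/private"
    touch "$sb/private/tool" "$sb/private/notes"
    chmod 4755 "$sb/private/tool"    # SUID set
    chmod 0644 "$sb/private/notes"
    printf '%s\n' "$sb"
}

# Regular files with the SUID (4000) or SGID (2000) bit set.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# World-writable directories that lack the sticky bit (1000): any user who
# can write there can delete files they did not create.
find_unsafe_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

sandbox=$(make_sandbox)
echo "SUID/SGID files:"
find_setid_files "$sandbox"
echo "World-writable directories without the sticky bit:"
find_unsafe_dirs "$sandbox"
```

On a real system the same two find expressions are run against / or a specific mount point, and the results are compared with a known-good list.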